ReportizFlow
Filtered by vendor Wordpress
Subscriptions
Total
5459 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-31376 | 1 Wordpress | 1 Wordpress | 2024-11-21 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Andrew Rapps Dashboard To-Do List.This issue affects Dashboard To-Do List: from n/a through 1.3.1. | ||||
| CVE-2024-31375 | 1 Wordpress | 1 Wordpress | 2024-11-21 | 5.4 Medium |
| Missing Authorization vulnerability in Saleswonder.Biz Team WP2LEADS.This issue affects WP2LEADS: from n/a through 3.2.7. | ||||
| CVE-2024-31373 | 2 E2pdf, Wordpress | 2 E2pdf, Wordpress | 2024-11-21 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in E2Pdf.This issue affects e2pdf: from n/a through 1.20.27. | ||||
| CVE-2024-31372 | 1 Wordpress | 1 Wordpress | 2024-11-21 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Arnan de Gans No-Bot Registration.This issue affects No-Bot Registration: from n/a through 1.9.1. | ||||
| CVE-2024-31371 | 1 Wordpress | 1 Wordpress | 2024-11-21 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Xylus Themes WP Event Aggregator.This issue affects WP Event Aggregator: from n/a through 1.7.6. | ||||
| CVE-2024-31292 | 1 Wordpress | 1 Import Xml And Rss Feeds Plugin | 2024-11-21 | 7.2 High |
| Unrestricted Upload of File with Dangerous Type vulnerability in Moove Agency Import XML and RSS Feeds.This issue affects Import XML and RSS Feeds: from n/a through 2.1.5. | ||||
| CVE-2024-31269 | 2 Supsystic, Wordpress | 2 Easy Google Maps, Wordpress | 2024-11-21 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Easy Google Maps.This issue affects Easy Google Maps: from n/a through 1.11.11. | ||||
| CVE-2024-31265 | 1 Wordpress | 1 Wordpress | 2024-11-21 | 3.7 Low |
| Cross-Site Request Forgery (CSRF) vulnerability in SumoMe Sumo.This issue affects Sumo: from n/a through 1.34. | ||||
| CVE-2024-31264 | 2 Dfactory, Wordpress | 2 Post Views Counter, Wordpress | 2024-11-21 | 4.3 Medium |
| Unauthenticated Cross Site Request Forgery (CSRF) in Post Views Counter <= 1.4.4 versions. | ||||
| CVE-2024-31251 | 2 Peepso, Wordpress | 2 Community By Peepso, Wordpress | 2024-11-21 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in PeepSo Community by PeepSo.This issue affects Community by PeepSo: from n/a through 6.3.1.1. | ||||
| CVE-2024-31239 | 1 Wordpress | 1 Wordpress | 2024-11-21 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Nudgify Nudgify Social Proof, Sales Popup & FOMO.This issue affects Nudgify Social Proof, Sales Popup & FOMO: from n/a through 1.3.3. | ||||
| CVE-2024-31231 | 2 Sizam Design, Wordpress | 2 Rehub, Wordpress | 2024-11-21 | 9 Critical |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Sizam Design Rehub allows PHP Local File Inclusion.This issue affects Rehub: from n/a through 19.6.1. | ||||
| CVE-2024-31230 | 2 Shortpixel, Wordpress | 2 Shortpixel Adaptive Images, Wordpress | 2024-11-21 | 5.3 Medium |
| Missing Authorization vulnerability in ShortPixel ShortPixel Adaptive Images.This issue affects ShortPixel Adaptive Images: from n/a through 3.8.2. | ||||
| CVE-2024-31210 | 1 Wordpress | 1 Wordpress-develop | 2024-11-21 | 7.7 High |
| WordPress is an open publishing platform for the Web. It's possible for a file of a type other than a zip file to be submitted as a new plugin by an administrative user on the Plugins -> Add New -> Upload Plugin screen in WordPress. If FTP credentials are requested for installation (in order to move the file into place outside of the `uploads` directory) then the uploaded file remains temporary available in the Media Library despite it not being allowed. If the `DISALLOW_FILE_EDIT` constant is set to `true` on the site _and_ FTP credentials are required when uploading a new theme or plugin, then this technically allows an RCE when the user would otherwise have no means of executing arbitrary PHP code. This issue _only_ affects Administrator level users on single site installations, and Super Admin level users on Multisite installations where it's otherwise expected that the user does not have permission to upload or execute arbitrary PHP code. Lower level users are not affected. Sites where the `DISALLOW_FILE_MODS` constant is set to `true` are not affected. Sites where an administrative user either does not need to enter FTP credentials or they have access to the valid FTP credentials, are not affected. The issue was fixed in WordPress 6.4.3 on January 30, 2024 and backported to versions 6.3.3, 6.2.4, 6.1.5, 6.0.7, 5.9.9, 5.8.9, 5.7.11, 5.6.13, 5.5.14, 5.4.15, 5.3.17, 5.2.20, 5.1.18, 5.0.21, 4.9.25, 2.8.24, 4.7.28, 4.6.28, 4.5.31, 4.4.32, 4.3.33, 4.2.37, and 4.1.40. A workaround is available. If the `DISALLOW_FILE_MODS` constant is defined as `true` then it will not be possible for any user to upload a plugin and therefore this issue will not be exploitable. | ||||
| CVE-2024-31096 | 1 Wordpress | 1 Wordpress | 2024-11-21 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in kopatheme Nictitate.This issue affects Nictitate: from n/a through 1.1.4. | ||||
| CVE-2024-31086 | 1 Wordpress | 1 Wordpress | 2024-11-21 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Venugopal Change default login logo,url and title allows Cross-Site Scripting (XSS).This issue affects Change default login logo,url and title: from n/a through 2.0. | ||||
| CVE-2024-30546 | 1 Wordpress | 1 Wordpress | 2024-11-21 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Pixelite Login With Ajax.This issue affects Login With Ajax: from n/a through 4.1. | ||||
| CVE-2024-30541 | 1 Wordpress | 1 Wordpress | 2024-11-21 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in LWS LWS Optimize.This issue affects LWS Optimize: from n/a through 1.9.1. | ||||
| CVE-2024-30521 | 1 Wordpress | 1 Wordpress | 2024-11-21 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Landingi Landingi Landing Pages.This issue affects Landingi Landing Pages: from n/a through 3.1.1. | ||||
| CVE-2024-30509 | 2 Artbees, Wordpress | 2 Sellkit, Wordpress | 2024-11-21 | 6.5 Medium |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Artbees SellKit allows Relative Path Traversal.This issue affects SellKit: from n/a through 1.8.1. | ||||